projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cb2ce7a)
Fix seg fault in dtls1_new
authorMatt Caswell <matt@openssl.org>
Tue, 3 Feb 2015 16:11:49 +0000 (16:11 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 26 Mar 2015 15:02:00 +0000 (15:02 +0000)
Reviewed-by: Richard Levitte <levitte@openssl.org>
ssl/d1_lib.c patch | blob | history
ssl/record/d1_pkt.c patch | blob | history
ssl/record/s3_pkt.c patch | blob | history

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 6ffbf5fc833ddaa517d3875f5dbd61c1221d15cc..f95994211367d99b6b9ea7f266a78dbba0d7711f 100644 (file)
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -124,6 +124,10 @@ int dtls1_new(SSL *s)
 {
     DTLS1_STATE *d1;
 
+    if(!DTLS_RECORD_LAYER_new(&s->rlayer)) {
+        return 0;
+    }
+    
     if (!ssl3_new(s))
         return (0);
     if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL) {
@@ -131,12 +135,6 @@ int dtls1_new(SSL *s)
         return (0);
     }
     memset(d1, 0, sizeof *d1);
-    
-    if(!DTLS_RECORD_LAYER_new(&s->rlayer)) {
-        OPENSSL_free(d1);
-        ssl3_free(s);
-        return 0;
-    }
 
     d1->buffered_messages = pqueue_new();
     d1->sent_messages = pqueue_new();
diff --git a/ssl/record/d1_pkt.c b/ssl/record/d1_pkt.c
index 5d0adb9c4e36c337f202110a1d727990b423a0eb..e5a27883a7433ad0bf25243388e531b165faafd6 100644 (file)
--- a/ssl/record/d1_pkt.c
+++ b/ssl/record/d1_pkt.c
@@ -133,8 +133,7 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
 
 
     rl->d = d;
-    DTLS_RECORD_LAYER_clear(rl);
-    
+
     d->unprocessed_rcds.q = pqueue_new();
     d->processed_rcds.q = pqueue_new();
 
diff --git a/ssl/record/s3_pkt.c b/ssl/record/s3_pkt.c
index 065ad94b08a3561878d2ad04d769da13d34dafba..30df2b741a9f275cddecfecfee9143832079687d 100644 (file)
--- a/ssl/record/s3_pkt.c
+++ b/ssl/record/s3_pkt.c
@@ -145,8 +145,10 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl)
     size_t rlen, wlen;
     int read_ahead;
     SSL *s;
+    DTLS_RECORD_LAYER *d;
 
     s = rl->s;
+    d = rl->d;
     read_ahead = rl->read_ahead;
     rp = SSL3_BUFFER_get_buf(&rl->rbuf);
     rlen = SSL3_BUFFER_get_len(&rl->rbuf);
@@ -165,6 +167,10 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl)
     rl->read_ahead = read_ahead;
     rl->rstate = SSL_ST_READ_HEADER;
     rl->s = s;
+    rl->d = d;
+    
+    if(d)
+        DTLS_RECORD_LAYER_clear(rl);
 }
 
 void RECORD_LAYER_release(RECORD_LAYER *rl)
Unnamed repository; edit this file 'description' to name the repository.